
EP1084465B1 - Method for secured access to data in a network - Google Patents


Info

Publication number
EP1084465B1
Authority
EP
European Patent Office
Prior art keywords
data
access system
rights
area access
data area
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP99929131A
Other languages
German (de)
French (fr)
Other versions
EP1084465A1 (en)
Inventor
Paul Péré
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149 Restricted operating environment
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153 Using hardware token as a secondary aspect

Definitions

  • The invention relates to a method for secured access to data in a network, in particular in a network with an information center and at least one data room access system, where the term data room access system means a device that provides storage space (data room) and enables access to stored data.
  • A particular task in the transmission of medical data is to guarantee the individual personality rights of the patient.
  • The transmission of medical information practised today is always illegal if it is not limited to a closed medical group such as a hospital or a medical practice.
  • Describing a practice network with hundreds of different practices and hospitals as a closed group would probably have to be interpreted, in the legal sense, as a circumvention of the patients' personality rights. In this case a patient would have no way of knowing all group members and could hardly make use of his right to choose another group, such as another hospital.
  • From WO 98/15910 A, a method for the secure and confidential exchange of medical data in a system with numerous participants is known.
  • In this system, access to a participant's data is possible only insofar as this access is legitimized by a password.
  • According to the method of the invention, only the holder of the rights to certain data can define access rights to them.
  • Data once stored remain at their storage location and are not collected centrally. Access to such stored data is possible only with the authorization of the holder of the rights to these data.
  • For medical data this means, e.g., that they remain at the place where they were created and that other doctors can access these data only with the permission of the respective patient.
  • Such permission can be granted generally for certain doctors or only for an individual case.
  • In the following, the method according to the invention is explained using the example of a practice network.
  • Here the system serves to supply a group of doctors with the medical records of their patients.
  • The system can be accessed by several doctors, each of whom must have access to a data room access system.
  • In addition to these data room access systems, the system has an information center.
  • In FIG. 1 this system is shown, for simplicity, with only two data room access systems 1, 2, one of which has an identifier DRZS1 and the other an identifier DRZS2.
  • Such a data room access system 1, 2 may be set up at the workplace of one or more doctors; e.g., FIG. 1 shows that the data room access system 2 is set up in the practice of a doctor B and the data room access system 1 in a hospital in which a doctor A has access authorization for it.
  • Each data room access system 1, 2 can communicate via a network 4 with the information center 3 or with another data room access system 1, 2.
  • Each data room access system 1, 2 contains a secure data store in which the medical data of patients can be stored. This store is access-protected in that data access can take place only via the method according to the invention, so that misuse of the data stored in it is not possible. The method according to the invention further ensures that only new data can be stored, i.e. not data that were already stored in another data room access system 1, 2. Furthermore, both the respective doctor and the patient can, independently of each other, communicate via the data room access system 1, 2 with the information center 3 or with another data room access system 1, 2 connected to the network 4, although only a doctor can store data.
  • A special data carrier, such as a smart card, can also be used for the personal information.
  • The public keys of the participants, of the information center 3 and of the individual data room access systems 1, 2 can, e.g., be stored centrally in the information center 3.
  • FIG. 2 shows the generation of data of a patient and the process by which these data are made available in the system.
  • The patient N visits the doctor A and has a new medical data unit created, e.g. an X-ray image. If the patient N so wishes, this data unit can be made available to other doctors through the practice network.
  • The type of data here is the indication that it is an X-ray image of the patient N that the doctor A took on day X.
  • The type of data may also comprise only one of these details, or further details may be added, such as the identifier DRZS1 of the data room access system 1 storing the data.
  • The data of the X-ray image are stored together with the electronic form in the secure data store of the data room access system 1.
  • Data are stored only if the holder of the rights to these data authorizes it; the patient's smart card can, e.g., serve for this.
  • In a second step S2, the information center 3 is notified by the data room access system 1 that it has new data, namely an X-ray image of the patient N.
  • Such a notification can take place either immediately after the new data are stored or at a specific time, e.g. regularly at a particular time.
  • the information center 3 sends, at certain times, requests to each data room access system 1, 2 asking whether new data have been stored.
  • In a third step S3, the information center 3 registers the presence of the X-ray image of the patient N from day X, with availability in the data room access system 1, and assigns to these data a unique identification, e.g. NXAX, after which this identification is transmitted with a notification confirmation from the information center 3 to the data room access system 1.
  • In the data room access system 1, the identification thus assigned is used to manage the associated data by adding it to the data. An appropriate configuration can guarantee that data are not present multiple times in the system.
  • a check of the authorization of the data storage by the patient. In the case of non-authorization, no participant is granted access to these data.
  • The hollow arrow means a transmission of data in the system, that is, the storage of new data in a data room access system 1, 2, and the normal arrows each mean a communication via the network 4, such as a request or notifications. It can therefore be seen from FIG. 2 that in the system described the medical data are not in the information center 3, but after their storage always remain in the data room access system 1. The information center 3 keeps only the references to these data and never the data themselves.
  • Next to the normal arrows, which mean a data transmission via the network 4, rectangles are shown in which the respective transmitted data are indicated.
  • FIG. 3 shows an attempt at data access via the practice network.
  • The patient N visits a doctor B who has a data room access system 2 with the identifier DRZS2.
  • This doctor B requires, e.g., a current X-ray image of the patient N. Therefore, in a step S4, he sends a request for X-ray images of the patient N from his data room access system 2 to the information center 3.
  • The information center 3 compiles a list of references to all X-ray images of the patient N currently present in the whole system, i.e. stored in all connected data room access systems 1, 2 and registered by the information center 3.
  • The information center 3 checks the access rights to the data listed in this list with regard to the doctor B, from whom the request for X-ray images of the patient N originates, and in a step S5 transmits only the references to those X-ray images of the patient N for which the doctor B has received the access rights from the patient N, who in this case is the holder of the rights to his data. Since in this case, e.g., the patient N has not defined any access rights to his X-ray images, this list is empty. Therefore, the information center 3 sends a message "No data found" to the data room access system 2, which passes this message on to the doctor B.
  • FIG. 4 illustrates the definition of access rights by the patient in the information center 3.
  • In a step S6, the patient N may, e.g. through the data room access system 2, retrieve from the information center 3 a list of all of his data currently available in the overall system. Alternatively, he can retrieve just a list of specific data.
  • The information center handles this request and sends the requested list to the data room access system 2.
  • The patient N can now define access rights to the data indicated by the list. If he has, e.g., requested a list of all his X-ray images, he can define that the doctor B and/or any other doctor or group of doctors can access the X-ray image produced by the doctor A on day X with the identification NXAX. Such access rights may be limited in time or unlimited.
  • The access right may also be granted in advance for other data that become available in the future.
  • Once the patient N has defined all desired access rights, he can, in a step S8, bring about an update of the access rights in the information center 3 via the data room access system 2.
  • The information center 3 stores the changes in a step S9 and sends a confirmation back to the data room access system 2.
  • Access rights can alternatively be assigned at the time at which new data are stored in a data room access system 1, 2.
  • A patient or other holder of the rights to data stored in a data room access system 1, 2 can assign access rights from any data room access system 1, 2. It would be conceivable, e.g., that such data room access systems 1, 2 are located not only in medical practices or hospitals but also in pharmacies, or that a practice network can also be accessed via the Internet, so that any Internet-capable computer could become a data room access system, or at least an access system that provides no storage space.
  • The holder of the rights to data stored in a data room access system 1, 2, here the patient, is the only person to whom, on the basis of his authorization and identification, the access rights are displayed by the information center 3 and/or who can modify them in the information center 3.
  • FIG. 5 shows the procedure necessary for successful access to certain data.
  • After access rights to the X-ray image of the patient N with the identification NXAX have been granted to the doctor B by the patient N, the doctor B starts, in a step S10, a new request to the information center to list all references to the X-ray images of the patient N.
  • In a step S11, the information center compiles a list of all references to the X-ray images of the patient N currently present in all data room access systems, checks the access rights with regard to the requesting doctor B and selects only the X-ray images which the doctor B is allowed to access, in order to send the associated references to the data room access system 2 from which the doctor B made the request to the information center. In this case, e.g.
  • The doctor B selects the X-ray image with the identification NXAX, whereupon the data room access system 2 sends the doctor B's request for the X-ray image with the identification NXAX to the data room access system with the identifier DRZS1, here the data room access system 1.
  • The data room access system 1 then sends a request to the information center 3 to confirm that the doctor B has the access rights to the X-ray image with the identification NXAX.
  • The information center 3 responds in a step S14 with a confirmation, whereupon the data room access system 1, in a step S15, transmits the data of the X-ray image with the identification NXAX to the data room access system 2.
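
The flow of steps S1 to S15 can be modelled in a few lines. The following Python sketch is an added illustration, not code from the patent: the class and method names, the `REF-0001` identification format, the integer timestamps and the boolean standing in for the patient's smart card authorization are all assumptions. It shows the two checks that matter for a defender: references are filtered by access rights before they are listed, and the storing system asks the information center again before it releases data.

```python
"""Toy model of the access flow in steps S1-S15 (added illustration)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Reference:
    ident: str      # identification assigned by the information center
    owner: str      # holder of the rights to the data (the patient)
    data_type: str  # e.g. "x-ray"
    location: str   # identifier of the storing system, e.g. "DRZS1"


class InformationCenter:
    """Holds references and access rights, never the data itself."""

    def __init__(self):
        self.refs = {}    # ident -> Reference
        self.grants = {}  # ident -> {grantee: expiry time or None}
        self._next = 0

    def register(self, owner, data_type, location):
        # S2/S3: register the new data and assign a unique identification.
        self._next += 1
        ident = f"REF-{self._next:04d}"  # constructed format (assumption)
        self.refs[ident] = Reference(ident, owner, data_type, location)
        self.grants[ident] = {}
        return ident

    def has_access(self, requester, ident, now):
        # Confirmation requested by the storing system before S14/S15.
        ref = self.refs.get(ident)
        if ref is None:
            return False
        if requester == ref.owner:
            return True
        if requester not in self.grants[ident]:
            return False
        expiry = self.grants[ident][requester]
        return expiry is None or now < expiry  # None = unlimited in time

    def list_references(self, requester, owner, data_type, now):
        # S4/S5 and S10/S11: only references the requester may access are
        # returned, so data cannot even be identified without access rights.
        return [r for r in self.refs.values()
                if r.owner == owner and r.data_type == data_type
                and self.has_access(requester, r.ident, now)]

    def set_access(self, actor, ident, grantee, expiry=None):
        # S8/S9: only the holder of the rights may change access rights.
        if self.refs[ident].owner != actor:
            raise PermissionError("only the rights holder may grant access")
        self.grants[ident][grantee] = expiry

    def revoke(self, actor, ident, grantee):
        if self.refs[ident].owner != actor:
            raise PermissionError("only the rights holder may revoke access")
        self.grants[ident].pop(grantee, None)


class DataRoomAccessSystem:
    """Stores the data locally; the center only learns the reference."""

    def __init__(self, ident, center):
        self.ident = ident
        self.center = center
        self._store = {}  # identification -> payload

    def store(self, owner, data_type, payload, owner_authorized):
        # S1: storing requires the rights holder's authorization (on the
        # page e.g. the patient's smart card; here a boolean, an assumption).
        if not owner_authorized:
            raise PermissionError("storage not authorized by rights holder")
        ident = self.center.register(owner, data_type, self.ident)
        self._store[ident] = payload
        return ident

    def transfer(self, requester, ident, now):
        # Re-check with the information center before releasing the data.
        if ident not in self._store or not self.center.has_access(
                requester, ident, now):
            raise PermissionError("access not confirmed")
        return self._store[ident]


def run_demo():
    center = InformationCenter()
    drzs1 = DataRoomAccessSystem("DRZS1", center)
    ident = drzs1.store("patient N", "x-ray", b"constructed image bytes",
                        owner_authorized=True)
    # FIG. 3: no rights defined yet, so the list is empty ("No data found").
    before = center.list_references("doctor B", "patient N", "x-ray", now=100)
    # FIG. 4: the patient grants a time-limited right to doctor B.
    center.set_access("patient N", ident, "doctor B", expiry=200)
    # FIG. 5: the reference is now listed and the data can be transferred.
    after = center.list_references("doctor B", "patient N", "x-ray", now=150)
    data = drzs1.transfer("doctor B", after[0].ident, now=150)
    try:
        drzs1.transfer("doctor B", ident, now=250)  # right has expired
        expired_blocked = False
    except PermissionError:
        expired_blocked = True
    return before, [r.ident for r in after], data, expired_blocked


if __name__ == "__main__":
    print(run_demo())
```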

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Nitrogen And Oxygen Or Sulfur-Condensed Heterocyclic Ring Systems (AREA)

Abstract

A method for secured access to data in a network has the effect that data protection rights are respected, especially personal data present in a network with distributed memories. The method is based on the granting of access rights, with the possibility of revocation, to the data available in the network, and the storage of data within the network only after authorization by the owner of the rights to the data. When certain data are requested, only the references of those data records to which the requesting party also has the access rights can be given. Identification of the data is not possible without access rights. Should certain data be accessed, the access rights may be verified before data access is permitted.

Description

The invention relates to a method for secured access to data in a network, in particular in a network with an information center and at least one data room access system, where the term data room access system means a device that provides storage space (data room) and enables access to stored data.

In the near future, so-called "practice networks" are to be developed for various interest groups of the public or private sector, for example in health care, such as the health insurance funds, the Ministry of Health and medical associations. The basic idea of these practice networks is that, thanks to better communication between different medical practices and/or hospitals, medical examinations that are at present still often carried out redundantly can be reduced. In this sense it would not be necessary, e.g., to take a further X-ray image of a patient's lung if a new diagnosis, e.g. by another doctor, were possible with the aid of an easily accessible, recently taken X-ray image of this patient's lung. It is in the public interest and in that of the insurance companies to reduce health care costs, which is why the latter in particular wish to set up autonomous medical networks with whose help a patient's different doctors can, for his better and less expensive medical care, also access the data on this patient already created by their colleagues.

In the experimental models already set up today, the main problem is to ensure secure communication. Various solutions for connecting a doctor to medical units are known; they are mainly limited to a particular group of doctors, e.g. radiologists, which naturally entails a restriction to a special kind of information/data, e.g. X-ray images.

Some national and international standards already exist that define the way medical data are generated and transmitted, e.g. DICOM for X-ray images, BDT for a patient's data, and GDT for medical data generated by medical devices, e.g. by an electrocardiograph or other equipment. These make no special requirements regarding the secured transmission of medical data, since, owing to various known encryption mechanisms, this is no longer a problem today.

A particular task in the transmission of medical data is to guarantee the individual personality rights of the patient. The transmission of medical information practised today is always illegal if it is not limited to a closed medical group such as a hospital or a medical practice. Describing a practice network with hundreds of different practices and hospitals as a closed group would probably have to be interpreted, in the legal sense, as a circumvention of the patients' personality rights. In this case a patient would have no way of knowing all group members and could hardly make use of his right to choose another group, such as another hospital.

From WO 98/15910 A, a method for the secure and confidential exchange of medical data in a system with numerous participants is known. In this system, access to a participant's data is possible only insofar as this access is legitimized by a password.

It is the object of the present invention to specify a method for secured access to data in a network in which only the holder of the rights to the data can freely dispose of them.

This object is achieved according to the invention by a method having the features of claim 1. Advantageous developments of this method are found in dependent claims 2 to 24.

According to the method of the invention, only the holder of the rights to certain data can define access rights to them. Data once stored remain at their storage location and are not collected centrally. Access to such stored data is possible only with the authorization of the holder of the rights to these data. For medical data this means, e.g., that they remain at the place where they were created and that other doctors can access these data only with the permission of the respective patient. Such permission can be granted generally for certain doctors or only for an individual case.

It is also possible to withdraw a permission once it has been granted.

The invention and advantageous developments are explained in more detail below by way of an example with reference to the drawings, which show:

FIG. 1
an exemplary structure of a network in which the method according to the invention can be applied;
FIG. 2
the generation and storage of data by the method according to the invention;
FIG. 3
an example of an unsuccessful request for specific data;
FIG. 4
the retrieval and granting of access rights to certain data by the holder of the rights to these data;
FIG. 5
an example of a successful request for data and their transmission to the requesting party.

In the following, the method according to the invention is explained using the example of a practice network. Here the system serves to supply a group of doctors with the medical records of their patients.

The system can be accessed by several doctors, each of whom must have access to a data room access system. In addition to these data room access systems, the system has an information center. In FIG. 1 this system is shown, for simplicity, with only two data room access systems 1, 2, one of which has an identifier DRZS1 and the other an identifier DRZS2. Such a data room access system 1, 2 may be set up at the workplace of one or more doctors; e.g., FIG. 1 shows that the data room access system 2 is set up in the practice of a doctor B and the data room access system 1 in a hospital in which a doctor A has access authorization for it. Each data room access system 1, 2 can communicate via a network 4 with the information center 3 or with another data room access system 1, 2.

Each data room access system 1, 2 contains a secure data store in which the medical data of patients can be stored. This store is access-protected in that data access can take place only via the method according to the invention, so that misuse of the data stored in it is not possible. The method according to the invention further ensures that only new data can be stored, i.e. not data that were already stored in another data room access system 1, 2. Furthermore, both the respective doctor and the patient can, independently of each other, communicate via the data room access system 1, 2 with the information center 3 or with another data room access system 1, 2 connected to the network 4, although only a doctor can store data.

The information centre 3 centrally stores references to the patients' data together with the associated identification information of the patients and doctors.

The security of the individual data transmissions within this system is ensured by encrypting the data transmissions between all participants. Every item of information transmitted within the system is provided with a digital signature. Every access requires authorisation, and all data are transmitted and stored in encrypted form. Each participant, e.g. a doctor or a patient, as well as the information centre and each data area access system, has two pairs of public and secret keys for encoding data. One pair, called the encryption keys, is used for secure data transmission; the other, the signature keys, provides the transmitted information with a digital signature and thereby confirms the sender. The secret keys are known only to the respective participant, information centre or data area access system, whereas the public keys are accessible to all participants, i.e. every participant in the system can obtain a public key of every other participant. Whenever a participant sends information over the network, the following procedure is carried out:

  • 1. The sender provides the information it sends with a digital signature by using its secret signature key. The sender therefore cannot be impersonated, and the recipient can verify the digital signature with the sender's public signature key. If, for example, a data area access system sends information about a patient to the information centre, this information must also be signed with that patient's secret signature key when data are created. This ensures that the information really belongs to the named patient and that the patient consents to its transmission.
  • 2. The sender encrypts all transmitted data with a public encryption key of the recipient to whom the data are transmitted. The transmitted data can therefore be decrypted only with the recipient's secret encryption key.
  • 3. Whenever a participant accesses the system, the participant must be authorised and must have confirmed his or her identity. A special data carrier, such as a chip card, can be used to verify the participant's identity. Other methods of personal identification can of course also be used, such as speech recognition, image recognition or fingerprint recognition, each of which can be used individually or in combination.
  • A special data carrier, such as a chip card, can likewise be used as secure storage for a participant's secret keys and other personal information.

    The public keys of the participants, of the information centre 3 and of the individual data area access systems 1, 2 can, for example, be stored centrally in the information centre 3.

    Figure 2 shows the creation of a patient's data and the process by which these data are made available in the system.

    For example, on a day X the patient N visits the doctor A and has a new medical data unit created, e.g. an X-ray image. If the patient N so wishes, this data unit can be made available to other doctors via the practice network. In this case, in a first step S1, the data of the X-ray image to be stored are stored in electronic form, together with an electronic form containing the type of the data, in the data area access system 1 with the identifier DRZS1 of the doctor A. Here the type of the data consists of the statement that this is an X-ray image of the patient N taken by the doctor A on day X. It is also possible for the type of the data to consist of only one of these items, or for further items to be added, such as the identifier DRZS1 of the data area access system 1 storing the data. The data of the X-ray image are stored together with the electronic form in the secure data store of the data area access system 1. Storing data is possible only with the authorisation of the owner of the rights to these data; the patient's chip card, for example, can be used for this.

    In a second step S2, the data area access system 1 notifies the information centre 3 that it holds new data, namely an X-ray image of the patient N. Such a notification can be sent either immediately after the new data are stored or at a defined time, e.g. regularly at a certain time of day. It is of course also possible for the information centre 3 to send inquiries at defined times to each data area access system 1, 2 asking whether new data have been stored.

    In a third step S3, the information centre 3 registers the presence of the X-ray image of the patient N from day X, together with its availability in the data area access system 1, and assigns these data a unique identification, e.g. NXAX, which is then transmitted with a notifying confirmation from the information centre 3 to the data area access system 1. In the data area access system 1, the identification assigned in this way is used to manage the associated data by adding it to the data. A suitable configuration can ensure that data are not present in the system more than once. At the latest when the data are registered by the information centre 3, a check is made that the patient authorised the storage of the data. If the storage was not authorised, no participant is granted access rights to these data.

    In Figure 2, as in the following figures, the hollow arrow denotes a transfer of data into the system, i.e. the storage of new data in a data area access system 1, 2, and the normal arrows each denote a communication via the network 4, such as an inquiry or notification. Figure 2 thus shows that in the described system the medical data are not copied to the information centre 3 but always remain in the data area access system 1 once stored. The information centre 3 holds only the references to these data and never the data themselves. In addition, the figures indicate a data transmission via the network 4 by rectangles drawn next to normal arrows, in which the data transmitted in each case are stated.

    Figure 3 shows an attempt to access data via the practice network.

    On a day Y, the patient N visits a doctor B who has a data area access system 2 with the identifier DRZS2. This doctor B needs, for example, a current X-ray image of the patient N. In a step S4 he therefore sends an inquiry for X-ray images of the patient N from his data area access system 2 to the information centre 3. The information centre 3 compiles a list of the references to all X-ray images of the patient N that are currently present in the overall system, i.e. that are stored in any of the connected data area access systems 1, 2 and have been registered by the information centre 3. The information centre 3 then checks the access rights to the data in this list with respect to the doctor B, from whom the inquiry about X-ray images of the patient N came, and in a step S5 transmits only the references of those X-ray images of the patient N for which the doctor B has been granted access rights by the patient N, who in this case is the owner of the rights to his data. Since in this case the patient N has, for example, not yet defined any access rights for his X-ray images, this list is empty. The information centre 3 therefore sends a message "No data found" to the data area access system 2, which outputs this message to the doctor B.

    Accordingly, without access rights from the patient, who is the owner of the rights to the stored data, no doctor can detect that the data exist in the system. An exception to this system, which is secure for the specific data for which access rights have been defined individually, is possible only if the patient N has, for example, given general access rights to all of his data, or to certain data, to certain doctors in advance. In this case too, however, the patient himself has determined who can access his data, so his data protection rights have been respected here as well.

    Figure 4 shows how the patient's access rights are defined in the information centre 3.

    In a step S6, the patient N can retrieve from the information centre 3, e.g. via the data area access system 2, a list of all of his data currently available in the overall system. Alternatively, he can retrieve a list of certain data only. In a step S7, the information centre processes this inquiry and sends the requested list to the data area access system 2. The patient N can now define access rights to the data shown in the list. If, for example, he has requested a list of all his X-ray images, he can define that the doctor B and/or any other doctor or a certain group of doctors may access the X-ray image with the identification NXAX made by the doctor A on day X. Such an access right can be limited or unlimited in time. The access right can also be assigned in advance for other data that will become available in the future. Once the patient N has defined all the desired access rights, he can, in a step S8, cause the access rights in the information centre 3 to be updated via the data area access system 2. In a step S9, the information centre 3 stores the changes and sends a confirmation back to the data area access system 2.

    Alternatively, these access rights can also be assigned at the time when new data are stored in a data area access system 1, 2. A patient or other owner of rights to data stored in a data area access system 1, 2 can assign access rights from any data area access system 1, 2. It would be conceivable, for example, for such data area access systems 1, 2 to be installed in pharmacies as well as in doctors' practices or hospitals, or for a practice network to be accessible via the Internet, so that any Internet-capable computer could become a data area access system, or at least an access system that provides no storage space. The owner of the rights to data stored in a data area access system 1, 2, here the patient, is, by virtue of his authorisation and identification, the only person to whom the information centre 3 displays the access rights and/or who can modify them in the information centre 3.

    Figure 5 shows the sequence required for successful access to certain data.

    After the patient N has defined access rights for the doctor B to the X-ray image of the patient N taken by the doctor A on day X, which has the identification NXAX, the doctor B, in a step S10, sends a new inquiry to the information centre asking for all references to the X-ray images of the patient N. In a step S11, the information centre compiles a list of the references of all X-ray images of the patient N currently present in all data area access systems, checks the access authorisations with respect to the inquiring doctor B, and selects only those X-ray images that the doctor B may access, in order to transmit the associated references to the data area access system 2 from which the doctor B made the inquiry to the information centre. In this case, for example, only the identification NXAX of the X-ray image of the patient N made by the doctor A on day X is transmitted, together with the storage location/address, here the data area access system 1 with the identifier DRZS1, to the data area access system 2, which displays this information to the doctor B. The doctor B can therefore see only the references to data for which the patient N has granted the doctor B access rights. The references can contain, for example, the type of the data, here an X-ray image; the date of the examination, here day X; the examining doctor, here doctor A; the storage location of the data, here the data area access system 1 with the identifier DRZS1; or further data as well. In a step S12, the doctor B selects the X-ray image with the identification NXAX, whereupon the data area access system 2 sends a request from the doctor B for the X-ray image with the identification NXAX to the data area access system with the identifier DRZS1, here the data area access system 1. In a step S13, the data area access system 1 then sends an inquiry to the information centre 3 to confirm that the doctor B has the access rights to the X-ray image with the identification NXAX. The information centre 3 replies in a step S14 with a confirmation, whereupon the data area access system 1, in a step S15, transmits the data of the X-ray image with the identification NXAX to the data area access system 2. The latter presents the received X-ray image data in an acceptable form and/or lets the doctor B store the data for further processing. Such storage must not take place in the secure store of the data area access system 2 but on another storage medium, since otherwise the data would be present in the system more than once.

    Once an authorised person has stored the received data for further processing, that person can of course access these stored data again and again. Access via the practice network, however, is possible only for as long as the owner of the rights to these data allows it through the definition of the access rights.
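The flow of Figures 2 to 5 (steps S1 to S15), as an added Python model that is not code from the patent: the information centre holds only references and rights, filters every list by the requester's rights, and the storing system releases data only after the centre confirms. Class and method names, the participant labels, integer day numbers for time limits, the generated identification format and the SHA-256 duplicate check are assumptions of this example; signatures and encryption are left out.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Reference:
    ident: str     # unique identification assigned by the information centre
    owner: str     # owner of the rights to the data (the patient)
    dtype: str     # type of data taken from the electronic form
    location: str  # identifier of the storing data area access system


class InformationCentre:
    """Keeps references and access rights only, never the data itself."""

    def __init__(self):
        self.refs = {}     # ident -> Reference
        self.grants = {}   # ident -> {grantee: last valid day, None = unlimited}
        self.digests = {}  # SHA-256 of payload -> ident (assumed duplicate check)

    def register(self, owner, dtype, location, digest, owner_authorized):
        # S2/S3: record that new data exist and assign a unique identification.
        if not owner_authorized:
            raise PermissionError("storage not authorised by the owner of the rights")
        if digest in self.digests:
            raise ValueError("data already present as " + self.digests[digest])
        ident = f"{owner}-{len(self.refs) + 1:04d}"  # assumed format
        self.refs[ident] = Reference(ident, owner, dtype, location)
        self.grants[ident] = {}  # default: nobody has access
        self.digests[digest] = ident
        return ident

    def grant(self, caller, ident, grantee, valid_until=None):
        # S8/S9: only the owner of the rights may define access rights.
        if caller != self.refs[ident].owner:
            raise PermissionError("only the owner of the rights may define access")
        self.grants[ident][grantee] = valid_until

    def has_access(self, requester, ident, today):
        # S13/S14: the confirmation the storing system asks for before sending.
        grants = self.grants.get(ident, {})
        if requester not in grants:
            return False
        valid_until = grants[requester]
        return valid_until is None or today <= valid_until

    def list_refs(self, requester, owner, dtype, today):
        # S4/S5 and S10/S11: only references the requester may access are
        # returned, so without rights even the existence of data stays hidden.
        return [r for r in self.refs.values()
                if r.owner == owner and r.dtype == dtype
                and self.has_access(requester, r.ident, today)]


class DataAreaAccessSystem:
    def __init__(self, ident, centre):
        self.ident, self.centre, self.secure_store = ident, centre, {}

    def store_new(self, owner, dtype, payload, owner_authorized):
        # S1-S3: the payload stays here; only its reference goes to the centre.
        # It is kept only if registration succeeds.
        digest = hashlib.sha256(payload).hexdigest()
        ident = self.centre.register(owner, dtype, self.ident, digest,
                                     owner_authorized)
        self.secure_store[ident] = payload
        return ident

    def serve(self, requester, ident, today):
        # S12-S15: transmit directly, but only after the centre confirms.
        if (ident not in self.secure_store
                or not self.centre.has_access(requester, ident, today)):
            raise PermissionError("information centre did not confirm access rights")
        return self.secure_store[ident]


def run_scenario():
    centre = InformationCentre()
    drzs1 = DataAreaAccessSystem("DRZS1", centre)
    xray = b"constructed sample bytes standing in for an X-ray image"
    ident = drzs1.store_new("patient-N", "x-ray", xray, owner_authorized=True)

    before = centre.list_refs("doctor-B", "patient-N", "x-ray", today=10)
    centre.grant("patient-N", ident, "doctor-B", valid_until=20)
    after = centre.list_refs("doctor-B", "patient-N", "x-ray", today=11)
    data = drzs1.serve("doctor-B", after[0].ident, today=11)
    try:
        drzs1.serve("doctor-B", ident, today=21)  # the time-limited right expired
        expired_denied = False
    except PermissionError:
        expired_denied = True
    return before, after, data, expired_denied


if __name__ == "__main__":
    print(run_scenario())
```
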

    Since, according to the method of the invention, certain data can be stored only with the consent of the owner of the rights to these data, and such data can also be retrieved only with the consent of the owner of the rights to these data, the personal rights of, for example, a patient are preserved. The system operates completely transparently for every user, and the individual user needs no knowledge of the security or transmission procedures. Because the transmitted data are encrypted, unauthorised persons cannot "listen in", and because the owner of the rights defines specific access rights for specific data, no unauthorised data access can take place.

    When the data are transmitted, it is particularly advantageous if the purpose limitation that the holder of the access rights has specified for the transmission of these data is transmitted in the original data context together with these data in the form of an "electronic watermark", and if these data are additionally marked visibly as a purpose-bound copy of the original data.

    The method according to the invention for secured access to data in a network can of course also be applied to other, non-medical networks, since what is proposed here is a system for controlling the distribution of individual data. Another field of application is, for example, the distribution of personal data used for identification, which allows the transfer of such data, e.g. between different administrative authorities, to be made more flexible without a centralised database of individual citizens. With the system according to the invention, only the citizen concerned has control over his or her individual data.

    Claims (24)

    1. A method for secured access to data in a network including an information centre (3) and a plurality of data area access systems (1,2) in which permission to store and define access rights of third parties to data at the information centre (3) are limited to the owner of rights to said data to be stored, wherein:
      the data area access systems (1,2) are not accessible to the owner of the rights.
      the data are stored only once and remain at their storage place and may not be centrally gathered.
      registering the presence of data of a certain type in each data area access system (1) at said information centre (3), should he wish, defining access rights of third parties to said data at said information centre (3);
      transmitting a list of the data present of a certain type, specifying the data area access system (1) storing said data, from said information centre (3) to a requesting data area access system (2) for which the access rights of said requesting data area access system (2) correspond to the access rights defined at said information centre (3) for said data, and after a request of a requesting data area access system (2) for data of a certain type; and then
      directly transmitting said data of said certain type by said data area access system (1) storing said data to said requesting data area access system (2) subject to said data area access system (1) storing said data having received a confirmation from said information centre (3).
    2. A method as defined in Claim 1, wherein an authorisation of the storage of data and of the definition of the access rights of third parties to the data takes place by means of an identity check of the owner of the rights to the data.
    3. A method as defined in Claim 1 or 2, wherein data to be stored are stored in said data area access system (1) with an electronic form which contains the type of the data.
    4. A method as defined in one of the Claims 1 to 3, wherein a data area access system (1) storing data responds to a request for certain data of a certain type by a requesting data area access system (2) by verifying the access rights through an inquiry to the information centre (3) as to whether the requesting data area access system (2) has access rights to the certain data of a certain type.
    5. A method as defined in one of the Claims 1 to 4, wherein a data area access system (2) receiving certain data of a certain type allows access to the received data only directly after a respective reception of said data.
    6. A method as defined in one of the Claims 1 to 5, wherein a data area access system (1) storing certain data of a certain type grants access to the certain data of a certain type only if a positive verification has taken place through an inquiry to the information centre (3) as to whether said data area access system (1) storing said certain data of a certain type can show access rights for said data of a certain type.
    7. A method as defined in one of the Claims 1 to 6, wherein the information centre (3) is notified by a data area access system (1) having new data about the presence of new data of a certain type, whereupon said information centre (3) sends a notifying confirmation to the data area access system (1).
    8. A method as defined in one of the Claims 1 to 7, wherein said data are identified on the basis of an identification which is allocated as a unique identification by said information centre (3) and is transmitted by said information centre (3) after registration of new data to the data area access system (1) storing said data, in order for said system to append the respective identification to the respective data.
    9. A method as defined in one of the Claims 1 to 8, wherein after an inquiry for data of a certain type by a data area access system (2), said information centre (3) prepares a list of all the data present of this certain type before it verifies the access rights to the data of the certain type, in order to transmit the list of data present of this certain type, specifying the data area access system (1) respectively storing these data, to the requesting data area access system (2) for which the requesting data area access system (2) can show said access rights.
    10. A method as defined in one of the Claims 1 to 9, wherein when data access is desired by a data area access system (2) to data of a certain type, firstly a request for such data of the certain type is sent to the information centre (3).
    11. A method as defined in one of the Claims 1 to 10, wherein when data transmission is desired from a data area access system (1) storing data to a requesting data area access system (2), firstly a request for certain data of a certain type is sent by the latter system to the data area access system (1) storing these certain data of a certain type.
    12. A method as defined in one of the Claims 1 to 11, wherein the data in a data area access system (1) are stored in a secure memory, no direct access being possible to the data stored therein.
    13. A method as defined in one of the Claims 1 to 12, wherein the type of the data is determined by their content and/or the owner of the rights to the data.
    14. A method as defined in one of the Claims 1 to 13, wherein the access rights to stored data can be defined by the owner of the rights to the data at any point in time after their registration at the information centre (3) and, after that, can be changed again as desired by re-definition by the owner of the rights to the data.
    15. A method as defined in one of the Claims 1 to 14, wherein the access rights to stored data can be granted by the owner of the rights to the data when they are stored in a data area access system (1).
    16. A method as defined in one of the Claims 1 to 15, wherein communication between a data area access system (1,2) and the information centre (3) or another data area access system (1,2) takes place in encrypted form.
    17. A method as defined in Claim 16, wherein the sender provides the information sent by him with a digital signature by means of a secret signature code, whereby the recipient can verify the sent information by means of an associated public signature code.
    18. A method as defined in Claim 16 or 17, wherein the sender encodes all transmitted data by means of a public encryption code issued by the recipient, whereby only the recipient can decode the transmitted data by means of a secret encryption code.
    19. A method as defined in one of the Claims 16 to 18, wherein not only each data area access system (1,2) and the information centre (3) but also each participant has a secret signature code and a secret encryption code and a public signature code and a public encryption code.
    20. A method as defined in Claim 19, wherein the secret signature codes and encryption codes and/or public signature codes and encryption codes of a participant are stored on a data carrier, such as a smart card.
    21. A method as defined in one of the Claims 1 to 20, wherein a participant accessing the network must authorise himself and his identity is verified by the information centre (3).
    22. A method as defined in Claim 21, wherein the identity of a participant is stored on a data carrier such as a smart card.
    23. A method as defined in one of the Claims 1 to 22, wherein the permission for storing the data is given by the owner of the rights to the data at the latest when the data are registered at the information centre (3), said information centre (3) not allowing any subsequent data access to these data without correct authorisation.
    24. A method as defined in at least one of the preceding Claims, wherein when the data are transmitted, the appropriation specified by the owner of the access rights for the transmission of these data in the original data context is transmitted together with these data in the form of an electronic watermark and these data are additionally marked visibly as an appropriated copy of the original data.
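The authorisation flow of Claims 1, 4, 7, 8 and 14 can be modelled in a few classes. The following sketch is an added illustration, not part of the patent text: all class, method and system names are hypothetical, a plain name comparison stands in for the identity check of Claim 2, and the encryption and signatures of Claims 16 to 19 are left out.

```python
# Added illustration of Claims 1, 4, 7, 8 and 14; every name here is hypothetical.


class InformationCentre:
    """Holds only metadata and access rights, never the data itself."""
    def __init__(self):
        self._records = {}                 # data_id -> metadata and rights

    def register(self, holder_id, dtype, owner):
        # Claims 7/8: the centre allocates the unique identification.
        data_id = len(self._records) + 1
        self._records[data_id] = {"type": dtype, "holder": holder_id,
                                  "owner": owner, "grantees": set()}
        return data_id

    def define_rights(self, caller, data_id, grantees):
        # Claim 1: owner only (name comparison stands in for the Claim 2 check).
        rec = self._records[data_id]
        if caller != rec["owner"]:
            raise PermissionError("only the owner of the rights may define access")
        rec["grantees"] = set(grantees)    # Claim 14: re-definable at any time

    def list_for(self, requester_id, dtype):
        # Claim 1: list only entries the requester has rights to, with holder.
        return [(i, r["holder"]) for i, r in sorted(self._records.items())
                if r["type"] == dtype and requester_id in r["grantees"]]

    def confirm(self, requester_id, data_id):
        # Claim 4: the storing system asks the centre before releasing data.
        rec = self._records.get(data_id)
        return rec is not None and requester_id in rec["grantees"]


class DataAreaAccessSystem:
    def __init__(self, system_id, centre, network):
        self.system_id, self._centre, self._network = system_id, centre, network
        self._store = {}                   # Claim 12: no direct access from outside
        network[system_id] = self

    def store(self, owner, dtype, payload):
        data_id = self._centre.register(self.system_id, dtype, owner)
        self._store[data_id] = payload     # data stays at its storage place
        return data_id

    def serve(self, requester_id, data_id):
        # Release only after a positive confirmation from the centre.
        if data_id not in self._store or not self._centre.confirm(requester_id, data_id):
            raise PermissionError("no confirmation from information centre")
        return self._store[data_id]

    def fetch(self, dtype):
        # Ask the centre for the list, then pull each item directly from its holder.
        listing = self._centre.list_for(self.system_id, dtype)
        return {i: self._network[h].serve(self.system_id, i) for i, h in listing}


def demo():
    centre, net = InformationCentre(), {}
    clinic = DataAreaAccessSystem("clinic", centre, net)
    lab = DataAreaAccessSystem("lab", centre, net)
    pharmacy = DataAreaAccessSystem("pharmacy", centre, net)
    xray = clinic.store("patient-A", "x-ray", b"constructed sample bytes")
    centre.define_rights("patient-A", xray, {"lab"})
    granted = lab.fetch("x-ray")
    hidden = pharmacy.fetch("x-ray")       # no rights: empty list from the centre
    try:
        clinic.serve("pharmacy", xray)     # direct request that skips the listing
        bypass_refused = False
    except PermissionError:
        bypass_refused = True
    centre.define_rights("patient-A", xray, set())   # owner revokes all rights
    after_revoke = lab.fetch("x-ray")
    return granted, hidden, bypass_refused, after_revoke
```

The storing system enforces the check itself in `serve`, so a requester that skips the listing step and contacts the holder directly is still refused, and a revocation by the owner takes effect on the next request.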
    EP99929131A 1998-06-03 1999-06-02 Method for secured access to data in a network Expired - Lifetime EP1084465B1 (en)

    Applications Claiming Priority (3)

    Application Number Priority Date Filing Date Title
    DE19824787 1998-06-03
    DE19824787A DE19824787C2 (en) 1998-06-03 1998-06-03 Procedure for secure access to data in a network
    PCT/EP1999/003839 WO1999063420A1 (en) 1998-06-03 1999-06-02 Method for secured access to data in a network

    Publications (2)

    Publication Number Publication Date
    EP1084465A1 (en) 2001-03-21
    EP1084465B1 (en) 2005-12-28

    Family

    ID=7869772

    Family Applications (1)

    Application Number Title Priority Date Filing Date
    EP99929131A Expired - Lifetime EP1084465B1 (en) 1998-06-03 1999-06-02 Method for secured access to data in a network

    Country Status (8)

    Country Link
    US (1) US7100206B1 (en)
    EP (1) EP1084465B1 (en)
    JP (1) JP4435979B2 (en)
    AT (1) ATE314685T1 (en)
    CA (1) CA2333993C (en)
    DE (1) DE19824787C2 (en)
    DK (1) DK1084465T3 (en)
    WO (1) WO1999063420A1 (en)

    Families Citing this family (19)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    DE19925910B4 (en) * 1999-06-07 2005-04-28 Siemens Ag Method for processing or processing data
    AU2606801A (en) * 1999-12-30 2001-07-16 B4Bpartner, Inc. Electronic safe deposit box
    SG103829A1 (en) * 2000-01-28 2004-05-26 Canon Kk Digital contents distribution system, digital contents distribution method, roaming server, information processor, and information processing method
    US6826609B1 (en) * 2000-03-31 2004-11-30 Tumbleweed Communications Corp. Policy enforcement in a secure data file delivery system
    JP2003044342A (en) * 2001-07-30 2003-02-14 Ppp Design Corp Data leakage prevention system, its input/output terminal and data transmitting method in internet communication
    DE10144443A1 (en) * 2001-09-05 2003-03-20 Deutsche Telekom Ag Determining positions of group of people, involves making query to database to which structured information reply re positions of group members is returned via same terminal by server
    DE10209780B4 (en) * 2001-10-11 2004-04-08 Symbasis Gmbh Data processing system for patient data
    DE10156877B4 (en) * 2001-11-20 2007-07-26 M Net Gmbh Medizinisches Datensystem Method and system for secure storage and readout of user data
    DE10312774A1 (en) * 2003-03-21 2004-10-14 Deutsche Telekom Ag Method and communication system for releasing a data processing unit
    AU2003902422A0 (en) 2003-05-19 2003-06-05 Intellirad Solutions Pty. Ltd Access security system
    DE10349792B4 (en) * 2003-10-24 2012-03-22 Deutsche Telekom Ag Method for data transmission via a telecommunication network between a first and at least one second telecommunication subscriber
    US20060074718A1 (en) * 2004-05-20 2006-04-06 Idexx Laboratories, Inc. Portable veterinary medical record apparatus and method of use
    AU2005266922A1 (en) * 2004-07-23 2006-02-02 Privit, Inc. Privacy compliant consent and data access management system and method
    US20060177114A1 (en) * 2005-02-09 2006-08-10 Trongtum Tongdee Medical digital asset management system and method
    US20070203754A1 (en) * 2006-01-26 2007-08-30 Harrington David G Network health record and repository systems and methods
    WO2007120799A2 (en) 2006-04-11 2007-10-25 Medox Exchange, Inc. Dynamic binding of access and usage rights to computer-based resources
    AT504141B1 (en) * 2006-11-10 2008-03-15 Siemens Ag Oesterreich Access authorization allocating method, involves implementing granting or denying of access authorization to data, and transmitting electronic notification e.g. electronic mail, to data owner, by identity and access management unit
    SG191609A1 (en) * 2008-05-27 2013-07-31 Agency Science Tech & Res A method and system for sharing data
    DE102017202183A1 (en) * 2017-02-10 2018-08-16 Bundesdruckerei Gmbh Access management system for exporting data records

    Family Cites Families (19)

    * Cited by examiner, † Cited by third party
    Publication number Priority date Publication date Assignee Title
    EP0398492B1 (en) * 1989-05-15 1997-01-22 International Business Machines Corporation A flexible interface to authentication services in a distributed data processing system
    JPH0378045A (en) * 1989-08-21 1991-04-03 Nippon Denki Computer Syst Kk Computer system
    JPH05189290A (en) * 1992-01-09 1993-07-30 Fujitsu Ltd Link sensor managing method in distributed data base processing system
    JPH0812632B2 (en) * 1992-04-30 1996-02-07 インターナショナル・ビジネス・マシーンズ・コーポレイション Information system and information method
    JPH06266600A (en) * 1993-03-12 1994-09-22 Hitachi Ltd Distributed file system
    EP0674283A3 (en) 1994-03-24 1996-03-27 At & T Global Inf Solution Ordering and downloading resources from computerized repositories.
    CA2125300C (en) * 1994-05-11 1999-10-12 Douglas J. Ballantyne Method and apparatus for the electronic distribution of medical information and patient services
    US5694471A (en) * 1994-08-03 1997-12-02 V-One Corporation Counterfeit-proof identification card
    US5706349A (en) * 1995-03-06 1998-01-06 International Business Machines Corporation Authenticating remote users in a distributed environment
    US5678041A (en) * 1995-06-06 1997-10-14 At&T System and method for restricting user access rights on the internet based on rating information stored in a relational database
    US5787175A (en) * 1995-10-23 1998-07-28 Novell, Inc. Method and apparatus for collaborative document control
    FR2744542B1 (en) * 1996-02-07 1998-03-06 Bull Sa METHOD FOR CONTROLLING ACCESS TO THE MANAGEMENT INFORMATION BASE VIA THE COMMUNICATIONS INFRASTRUCTURE OF AN APPLICATION OR OF AN APPLICATION USER
    US5760917A (en) * 1996-09-16 1998-06-02 Eastman Kodak Company Image distribution method and system
    JPH10111897A (en) * 1996-10-07 1998-04-28 Hitachi Ltd How to share medical information
    WO1998015910A1 (en) * 1996-10-09 1998-04-16 Schultz Myron G Global electronic medical record
    NZ337954A (en) * 1997-03-13 2001-09-28 First Opinion Corp Computerized disease management method adjusts a disease therapy for a patient based on obtained health data
    US6055506A (en) * 1997-04-25 2000-04-25 Unitron Medical Communications, Inc. Outpatient care data system
    US6463417B1 (en) * 2000-02-22 2002-10-08 Carekey.Com, Inc. Method and system for distributing health information
    US6651060B1 (en) * 2000-11-01 2003-11-18 Mediconnect.Net, Inc. Methods and systems for retrieval and digitization of records

    Also Published As

    Publication number Publication date
    DK1084465T3 (en) 2006-05-22
    DE19824787A1 (en) 1999-12-16
    US7100206B1 (en) 2006-08-29
    DE19824787C2 (en) 2000-05-04
    CA2333993A1 (en) 1999-12-09
    ATE314685T1 (en) 2006-01-15
    CA2333993C (en) 2011-07-26
    EP1084465A1 (en) 2001-03-21
    JP4435979B2 (en) 2010-03-24
    WO1999063420A1 (en) 1999-12-09
    JP2002517812A (en) 2002-06-18

    Legal Events

    Date Code Title Description
    PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

    Free format text: ORIGINAL CODE: 0009012

    17P Request for examination filed

    Effective date: 20001221

    AK Designated contracting states

    Kind code of ref document: A1

    Designated state(s): AT CH DK FI FR GB LI NL SE

    GRAP Despatch of communication of intention to grant a patent

    Free format text: ORIGINAL CODE: EPIDOSNIGR1

    GRAS Grant fee paid

    Free format text: ORIGINAL CODE: EPIDOSNIGR3

    GRAA (expected) grant

    Free format text: ORIGINAL CODE: 0009210

    AK Designated contracting states

    Kind code of ref document: B1

    Designated state(s): AT CH DK FI FR GB LI NL SE

    REG Reference to a national code

    Ref country code: GB

    Ref legal event code: FG4D

    Free format text: NOT ENGLISH

    REG Reference to a national code

    Ref country code: CH

    Ref legal event code: EP

    REG Reference to a national code

    Ref country code: CH

    Ref legal event code: NV

    Representative=s name: BRAUNPAT BRAUN EDER AG

    REG Reference to a national code

    Ref country code: SE

    Ref legal event code: TRGR

    GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

    Effective date: 20060329

    REG Reference to a national code

    Ref country code: DK

    Ref legal event code: T3

    ET Fr: translation filed
    PLBE No opposition filed within time limit

    Free format text: ORIGINAL CODE: 0009261

    STAA Information on the status of an ep patent application or granted ep patent

    Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

    26N No opposition filed

    Effective date: 20060929

    REG Reference to a national code

    Ref country code: FR

    Ref legal event code: PLFP

    Year of fee payment: 18

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: FI

    Payment date: 20160620

    Year of fee payment: 18

    Ref country code: GB

    Payment date: 20160628

    Year of fee payment: 18

    Ref country code: CH

    Payment date: 20160621

    Year of fee payment: 18

    PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

    Ref country code: FR

    Payment date: 20160621

    Year of fee payment: 18

    Ref country code: SE

    Payment date: 20160621

    Year of fee payment: 18

    Ref country code: NL

    Payment date: 20160621

    Year of fee payment: 18

    Ref country code: DK

    Payment date: 20160622

    Year of fee payment: 18

    Ref country code: AT

    Payment date: 20160620

    Year of fee payment: 18

    REG Reference to a national code

    Ref country code: DK

    Ref legal event code: EBP

    Effective date: 20170630

    REG Reference to a national code

    Ref country code: SE

    Ref legal event code: EUG

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: FI

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170602

    REG Reference to a national code

    Ref country code: CH

    Ref legal event code: PL

    REG Reference to a national code

    Ref country code: NL

    Ref legal event code: MM

    Effective date: 20170701

    REG Reference to a national code

    Ref country code: AT

    Ref legal event code: MM01

    Ref document number: 314685

    Country of ref document: AT

    Kind code of ref document: T

    Effective date: 20170602

    GBPC Gb: european patent ceased through non-payment of renewal fee

    Effective date: 20170602

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: SE

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170603

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: NL

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170701

    REG Reference to a national code

    Ref country code: FR

    Ref legal event code: ST

    Effective date: 20180228

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: LI

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170630

    Ref country code: CH

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170630

    Ref country code: GB

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170602

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: AT

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170602

    Ref country code: FR

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170630

    PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

    Ref country code: DK

    Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

    Effective date: 20170630